The Department of Homeland Security is in the process of figuring out what information it can share across its offices in “near real time” to address cyber threats, even though officials reported being confused about the online responsibilities of a key agency.
The DHS inspector general (OIG) said that the department is currently hashing out a wider digital security strategy that will layout which types of data “that can and will be shared, information handling procedures, and access controls.”
OIG officials said in a report published Tuesday that this plan, if implemented, will be used by the department to “share cyber indicators more effectively across the DHS components.”
The automation project is expected to be completed by the end of August next year.
The OIG noted, however, that officials from DHS organs with key cyber security responsibilities—the Secret Service and the National Protection and Programs Directorate (an infrastructure-focused entity)–were admittedly unfamiliar with the “cyber mission and responsibilities” of one of DHS’ most controversial organs: US Immigration and Customs Enforcement.
“Further, NPPD and USSS personnel shared a misconception that ICE was primarily responsible for child exploitation investigations, or were not familiar with ICE’s cyber mission and capabilities in general,” the OIG said.
“ICE focuses on criminal activities that are conducted on or facilitated by the Internet as well as cross-border cybercrimes,” the OIG remarked.
The confusion has led data to be sent by DHS officials to the wrong department office, and to inappropriate recipients in other parts of the government—including the FBI.
The OIG, which itself pushed for automated data sharing, pointed out that the push for modernization has come in spite of multiple significant DHS information security vulnerabilities. Deficiencies plaguing internal Secret Service and ICE websites, for example, “could allow an attacker to mislead a legitimate user to providing sensitive information, conduct privileged functions, or execute clickjacking attacks,” the OIG said.
“Clickjacking” is when a malicious actor tricks users into revealing sensitive information or relinquishing control of their computers by misrepresenting the nature of specific hyperlinks.
The National Day Laborer Organizing Network, an immigrants’ rights group umbrella organization, said that “it’s concerning to see ICE deploy next generation technologies when it hasn’t even established its own first generation mechanisms for control and oversight.”
“It’s no wonder that other DHS agencies are confused about ICE’s breadth, or rather over-reach,” NDLON national campaign coordinator Salvador Sarmiento told The Sentinel. “ICE functions as a rogue agency and its disastrous record with database interoperability in the Secure Communities deportation program is a cautionary tale.”
He also called the organization “an adolescent, and insolent, federal police force that lacks the oversight, training, and civil rights safeguards of its DOJ counterparts.”
NDLON has blasted ICE’s now-defunt “Secure Communities” program for mandating the sharing of information between immigration officials and local police.
Collaboration between ICE and municipalities has also been widely condemned by many local law enforcement officers, who say they are less able to do their jobs when immigrant communities fear that mere interaction with city cops could mean expulsion.
NDLON has also been critical of the successor to Security Communities, the Priority Enforcement Program. The group said this summer that “detainers” under the program that ask local police to hold undocumented residents for immigration proceedings are “in violation of the Fourth Amendment.”
ICE has also come under fire from immigrants rights groups and the left for a litany of other abusive programs. It was the subject of a broadside from liberal lawmakers who alleged the body maintained a prison system rife with transphobic and homophobic violence. In June, one of the body’s privately-managed detention facilities was hit by a hunger strike after 200 inmates decided to protest “guard attacks, inhumane conditions, a systemic abuse of power and the death of 31 year-old Mexican national Jose de Jesus Deniz Sahagun.” Detainees had said Sahagun “was beaten by guards before being put in isolation.”
The OIG report released Tuesday noted that information sharing automation efforts being led by NPPD do include input from the some of department’s civil rights and privacy lawyers. It is also being shaped, the report noted, by ICE, the FBI and “the Intelligence Community.”
Read the full DHS OIG report here.
